[j-nsp] Disable telnet/ssh access from virtual routers
Stacy W. Smith
stacy at acm.org
Wed Jul 15 12:20:37 EDT 2015
https://kb.juniper.net/InfoCenter/index?page=content&id=KB23547
The article states it applies to VRFs, but it also applies to routing instances of type "virtual-router".
--Stacy
> On Jul 15, 2015, at 10:11 AM, Victor Sudakov <vas at mpeks.tomsk.su> wrote:
>
> Colleagues,
>
> I have customers' networks connected to routing-instances of type
> "virtual-router." These routing-instances are supposed to be isolated
> and use their own address space.
>
> However, a customer can telnet/ssh from their network to the
> virtual-router's IP address effectively telnetting to the main device.
>
> Is there an elegant way to prevent this from happening, i.e. to permit
> telnet/ssh access from hosts in the inet.0 table but deny from hosts
> from the CUSTOMERXX.inet.0 table?
>
> Thanks in advance for any input.
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> sip:sudakov at sibptus.tomsk.ru
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list